logo

Database

Reflected cross-site scripting (XSS) In shopware/shopware

Description

Shopware Non-Persistent XSS in the Frontend A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-jqr7-5h7r-ch8p

References

1. https://github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b2. https://community.shopware.com/_detail_2048.html3. https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates4. https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.